NousResearch hermes-agent prompt_builder.py _scan_context_content injection_CVE-2026-9366

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-9366

Source VulDB

Published May 24, 2026 at 08:15

Affected Product

Vendor NousResearch

Product hermes-agent

Version 2026.4.23

Affected Versions NousResearch hermes-agent 2026.4.23

CWE Classification

CWE-74 CWE-707

References

{
    "lastseen": "",
    "description": "A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-24T08:15:09.911Z",
    "modified": "2026-05-24T08:15:09.911Z",
    "type": "cve",
    "title": "NousResearch hermes-agent prompt_builder.py _scan_context_content injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365329\nhttps://vuldb.com/vuln/365329/cti\nhttps://vuldb.com/submit/812227\nhttps://gist.github.com/YLChen-007/581fd92de5548fbaacb2092e848a75cc",
    "id": "CVE-2026-9366",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74",
        "CWE-707"
    ],
    "cvelist": null,
    "sourceData": "NousResearch hermes-agent 2026.4.23",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "hermes-agent",
    "version": "2026.4.23",
    "vendor": "NousResearch",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}